CLAIMS 



What is claimed is: 



5 1 . An identity based service system, comprising: 

at least one principal comprising at least one identity comprising user 
information; 

a basic authentication agency for managing at least one identity for the 
principal, and for authenticating the principal; and 
10 a system entity which is accessible by the principal, based on an 

authentication of the principal by the basic authentication agency, and based on 
retrieval of at least a portion of user information from the basic authentication 
agency. 

15 2. The identity based service system of Claim 1 , further comprising: 

at least one core service associated with the system and related to at least a 
portion of the user information. 

3. The identity based service system of Claim 2, wherein the core service is 
20 accessible by the user, based on an authentication of the principal by the basic 

authentication agency. 

4. The identity based service system of Claim 2, wherein the core service is 
accessible by the system entity, based on an authentication of the principal by the 

25 basic authentication agency. 

./ 

5. The identity based service system of Claim 2, wherein the core service is 
associated with one or more core service providers. 

30 6. The identity based service system of Claim 2, wherein the core service 
comprises any of an authentication service, a profile service, an alert service, a 
calendar service, and a wallet service. 
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7. The identity based service system of Claim 1, wherein the basic authentication 
agency further comprises means for translating namespaces, such that a user 
identity of a principal in a first namespace is translatable to a user identity in a 
second namespace. 

8. The identity based service system of Claim 7, wherein the user identity in the 
second namespace is encrypted. 

9. The identity based service system of Claim 7, wherein the user identity in the 
second namespace is time-bound. 

10. The identity based service system of Claim 1 , further comprising: 
at least one core authentication record associated with the identity, 

comprising any of services and links associated with the identity. 

1 1. An identity based service system, comprising: 
a basic authentication agency for managing an identity for a user; 
means for discovering a service descriptor for the user, based on a received 

user identifier and a service name from the basic authentication agency; and 

whereby at least one web service is accessible, based upon the discovered 
service descriptor and the name identifier. 

12. The identity based service system of Claim 1 1 , further comprising: 
a discovery module associated with the basic authentication agency and 

25 adapted to receive a user identifier associated with the user and a service name 
known to the system. 

13. The identity based service system of Claim 1 1 , further comprising: 

at least one core service associated with the system and related to the user. 

30 

14. The identity based service system of Claim 13, wherein the core service is 
accessible by the user, based on a system authentication of the principal at the 
basic authentication agency. 
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15. The identity based service system of Claim 13, wherein the core service is 
accessible by a system entity, based on an authentication of the principal at the 
basic authentication agency. 

5 

16. The identity based service system of Claim 13, wherein the core service is 
associated with one or more core service providers. 

17. The identity based service system of Claim 13, wherein the core service 
10 comprises any of an authentication service, a profile service, an alert service, a 

calendar service, and a wallet service. 

18. The identity based service system of Claim 11, wherein the basic 
authentication agency further comprises means for translating namespaces, such 

15 that a user identity of a principal in a first namespace is translatable to a user 
identity in a second namespace. 

19. The identity based service system of Claim 18, wherein the user identity in the 
second namespace is encrypted. 

20 

20. The identity based service system of Claim 18, wherein the user identity in the 
second namespace is time-bound. 

21 . The identity based service system of Claim 1 1 , further comprising: 

25 at least one core authentication record associated with the identity, 

comprising any of services and links associated with the identity. 

22. The system of Claim 11, wherein the principal is located at a device linked to 
the identity based service system. 

30 

23. An identity based service process, comprising: 

providing a basic authentication agency for managing an identity for a user; 
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receiving a user identifier associated with the user and a service name 
known to the system; 

discovering a service descriptor for the user, based on a received user 
identifier and a service name; and 
5 controllably authenticating access to a service, based upon the receipt of the 

discovered service descriptor and the name identifier. 

24. The process of Claim 23, further comprising the step of: 

establishing at least one core service associated with the system and related 
10 to the user. 

25. The process of Claim 24, wherein the core service is accessible by the user, 
based on a system authentication of the principal at the basic authentication 
agency. 

15 

26. The process of Claim 24, wherein the core service is accessible by a system 
entity, based on an authentication of the principal at the basic authentication 
agency. 

20 27. The process of Claim 24, wherein the core service is associated with one or 
more core service providers. 

28. The process of Claim 23, wherein the core service comprises any of an 
authentication service, a profile service, an alert service, a calendar service, and a 

25 wallet service. 

29. The process of Claim 23, further comprising the step of: 

translating namespaces, such that a user identity of a principal in a first 
namespace is translated to a user identity in a second namespace. 

30 

30. The process of Claim 29, further comprising the step of: 

encrypting the user identity in the second namespace. 
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31 . The process of Claim 29, wherein the user identity in the second namespace is 
time-bound. 



32. The process of Claim 23, further comprising the step of: 

5 associating at least one core authentication record with the identity, 

comprising any of services and links associated with the identity. 

33. A process, comprising the steps of: 

providing a basic authentication agency networked to a service having a 
10 service name; 

establishing an identity at the basic authentication agency for a principal, 
comprising information and a name identifier for a user; 

establishing a link between the principal and the service by the basic 
authentication agency, based upon a receipt of a user identifier and a service 
is name. 
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